AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 



Claims 1-20 (canceled). 



21 . (New) A method for providing access to an online service, the method 
comprising: 

receiving a first digital certificate from a user, the first digital certificate attesting to 
at least one attribute of the user; 

determining, based at least in part on the first digital certificate, whether the user 
is authorized to access the online service; and 

if the user is authorized to access the online service, issuing a second digital 
certificate to the user, the second digital certificate attesting to the user's permission to 
access the online service. 
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22. (New) A method as in claim 21 , further comprising: 

receiving a request from the user to access the online service; 
checking the second digital certificate to determine whether the user has 

permission to access the online service; and 

allowing the user to access the online service if it is determined that the user has 

permission to access the online service. 
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23. (New) A method as in claim 22, in which said checking step is performed in a 
protected processing environment at a local computer system from which the user 
made the request to access the online service. 

24. (New) A method as in claim 21 , further comprising: 
sending software for using the online service to the user; 

sending a digital signature for determining the integrity of the software to the 

user. 

25. (New) A method as in claim 24, in which the digital signature is bound, at least in 
part, to the identity of the online service. 

26. (New) A method as in claim 21 , further comprising: 

providing a third digital certificate to the user, the third digital certificate attesting to the 
identify ol the online service, the third digital certificate being issued by a certifying 
authority. 

27. (New) A method as in claim 26, in which the first digital certificate is issued by the 
certifying authority. 

28. (New) A method as in claim 21 , in which the first digital certificate includes an 
indication of the user's age. 
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29. (New) A method as in claim 21 , in which the first digital certificate identifies a 
party responsible for paying for the user's access to online services. 

30. (New) A method as in claim 29, further comprising: 

sending a request for payment to the party responsible for paying for the user's 
access to online services; and 

receiving an indication that payment has been received. 



31 . (New) A method as in claim 30, in which the steps of (a) sending a request for 
payment and (b) receiving an indication that payment has been received are performed 
prior to performing the step of sending the second digital certificate to the user. 

32. (New) A method as in claim 21 , in which the second digital certificate attests to 
the user's permission to access the online service until a specified date. 

33. (New) A method as in claim 21 , in which the at least one attribute comprises an 
indication of the amount of purchases the user is allowed to make in a given time 
period. 
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34. (New) A method as in claim 21 , in which the online service comprises an 
interactive online game. 

35. (New) A method as in claim 34, further comprising: 

sending software for playing the online game to the user in a secure container. 



36. (New) A method as in claim 21 , in which the online service comprises a 
subscription. 



37. (New) A method as in claim 36, in which the second digital certificate includes an 
expiration date of the subscription. 



38. (New) A method as in claim 21 , further comprising: 
collecting payment information from the user. 

39. (New) A method as in claim 38, further comprising: 
sending the payment information to a financial clearinghouse. 



40. (New) A method as in claim 21 , further comprising: 
collecting information relating to the user's use of the online service. 
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41 . (New) A method as in claim 40, further comprising: 

sending the information relating to the user's use of the online service to a usage 
clearinghouse. 

42. (New) A method for accessing an online service, the method comprising: 
sending a first request to access an online service from a user's site to an online 

service provider's website, the first request including a first digital certificate attesting to 
at least one attribute of the user; 



receiving a request for payment information; 

sending the payment information to the online service provider's website, or a 
website associated therewith; and 

receiving a second digital certificate, the second digital certificate indicating that 
the user is authorized to access the online service; 
accessing the online service. 



43. (New) A method as in claim 42, further comprising: 
sending a second request to access the online service; 

checking the second digital certificate to determine whether the user has 
permission to access the online service; and 

allowing the user to access the online service if it is determined that the user has 
permission to access the online service. 

44. (New) A method as in claim 43, in which said checking step is performed- in a 
protected processing environment at the user's computer system. 
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45. (New) A method as in claim 42, further comprising: 
receiving software for using the online service; 

receiving a digital signature for determining the integrity of the software. 

46. (New) A method as in claim 45, in which the digital signature is bound, at least in 
part, to the identity of the online service. 
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47. (New) A method as in claim 42, further comprising: 

receiving a third digital certificate, the third digital certificate attesting to the 
identify of the online service, the third digital certificate being issued by a certifying 
authority. 

48. (New) A method as in claim 47, in which the first digital certificate is issued by the 
certifying authority. 

49. (New) A method as in claim 42, in which the first digital certificate includes an 
indication of the user's age. 

50. (New) A method as in claim 42, in which the first digital certificate identifies a 
party responsible for paying for the user's access to online services. 

51 . (New) A method as in claim 42, in which the second digital certificate attests to 
the user's permission to access the online service until a specified date. 

52. (New) A method as in claim 42, in which the at least one attribute comprises an 
indication of the amount of purchases the user is allowed to make in a given time 
period. 

53. (New) A method as in claim 42, in which the online service comprises an 
interactive online game. 
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54. (New) A method as in claim 53, further comprising: 

receiving a secure container from the online service provider's website, the 
secure container containing software for playing the online game. 



55. (New) A method as in claim 42, in which the online service comprises a 
subscription. 

56. (New) A method as in claim 55, in which the second digital certificate includes an 
expiration date of the subscription. 



57. (New) A method as in claim 42, further comprising: 

sending information relating to the user's use of the online service to a remote 

site. 
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58. _ (New) A method as in claim 57, in which the remote site comprises a usage 
clearinghouse. 

59. (New) A method as in claim 57, in which the remote site comprises the online 
service provider's website. 

60. (New) A computer program product stored on a computer-readable medium, the 
computer program product including instructions that, when executed by a computer 
system, cause the computer system to perform acts comprising: 

receiving a first digital certificate from a user, the first digital certificate attesting to 
at least one attribute of the user; 



determining, based at least in part on the first digital certificate, whether the user 
is authorized to access the online service; and 

if the user is authorized to access the online service, issuing a second digital 
certificate to the user, the second digital certificate attesting to the user's permission to 
access the online service. 
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61 . (New) A computer program product as in claim 60, the computer program 
product further including instructions that, when executed by a computer system, cause 
the computer system to perform acts comprising: 

receiving a request from the user to access the online service; 

checking the second digital certificate to determine whether the user has 
permission to access the online service; and 

granting the user access to the online service if it is determined that the user has 
permission to access the online service. 

-V 

62. (New) A computer program product stored on a computer-readable medium, the 
computer program product including instructions that, when executed by a computer 
system, cause the computer system to perform acts comprising: 

sending a first request to access an online service to an online service provider's 
website, the first request including a first digital certificate attesting to at least one 
attribute of a user; 

receiving a request for payment information; 
sending the payment information to the online service provider's website, or a website 
associated therewith; 
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receiving a second digital certificate, the second digital certificate indicating that 
the user is authorized to access the online service; and 
accessing the online service. 
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63. (New) A computer program product as in claim 62, the computer program 
product further including instructions that, when executed by a computer system, cause 
the computer system to perform acts comprising: 

sending a second request to access the online service; 

checking the second digital certificate to determine whether the user has 
permission to access the online service; and 

allowing the user to access the online service if it is determined that the user has 
permission to access the online service. 
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